Image Detection

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only image detection skill with optional cloud analysis, and its main risk is privacy clarity rather than hidden or unsafe behavior.

Use the privacy-focused stack for private or regulated images. Before installing the referenced npm packages or enabling Hive, reverse image search, or caching, check what image content, metadata, hashes, and results are transmitted or stored, and how those features can be disabled or deleted.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill promotes a cloud-based image analysis option and includes it in recommended configurations without clearly warning that images may be transmitted to a third-party service. This can lead users to unintentionally send sensitive or private images off-device, creating privacy, compliance, and data-handling risks even if the API itself is legitimate.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal